Commit d2eafbc

nkvuongnfx
andauthored
Add documentation for databricks_permission_assignment (#1880)
* add doc for `databricks_permission_assignment`
* feedback
* address PR feedback

Co-authored-by: Serge Smertin <[email protected]>
1 parent fe991f8 commit d2eafbc

2 files changed

+88
-1
lines changed

docs/resources/mws_permission_assignment.md

Lines changed: 28 additions & 1 deletion
@@ -3,7 +3,7 @@ subcategory: "Security"
33
---
44
# databricks_mws_permission_assignment Resource
55

6-
These resources are invoked in the account context. Provider must have `account_id` attribute configured.
6+
These resources are invoked in the account context. Permission Assignment Account API endpoints are restricted to account admins. Provider must have `account_id` attribute configured. Account Id that could be found in the bottom left corner of Accounts Console
77

88
## Example Usage
99

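Review bot: the last sentence of the added line 6 ("Account Id that could be found in the bottom left corner of Accounts Console") is a fragment with no main verb and no closing period, and it writes "Account Id" where the sentence before it uses `account_id`. Suggest "The account ID can be found in the bottom left corner of the Accounts Console." The account-admin restriction would also read better placed after the provider requirement, so the two sentences about `account_id` sit next to each other.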
@@ -63,3 +63,30 @@ resource "databricks_mws_permission_assignment" "add_admin_spn" {
6363
permissions = ["ADMIN"]
6464
}
6565
```
66+
67+
## Argument Reference
68+
69+
The following arguments are required:
70+
71+
* `workspace_id` - Databricks workspace ID.
72+
* `principal_id` - Databricks ID of the user, service principal, or group. The principal ID can be retrieved using the SCIM API, or using [databricks_user](../data-sources/user.md), [databricks_service_principal](../data-sources/service_principal.md) or [databricks_group](../data-sources/group.md) data sources.
73+
* `permissions` - The list of workspace permissions to assign to the principal:
74+
* `"USER"` - Can access the workspace with basic privileges.
75+
* `"ADMIN"` - Can access the workspace and has workspace admin privileges to manage users and groups, workspace configurations, and more.
76+
77+
## Import
78+
79+
The resource `databricks_mws_permission_assignment` can be imported using the workspace id and principal id
80+
81+
```bash
82+
terraform import databricks_mws_permission_assignment.this "workspace_id|principal_id"
83+
```
84+
85+
## Related Resources
86+
87+
The following resources are used in the same context:
88+
89+
* [databricks_group](group.md) to manage [groups in Databricks Workspace](https://docs.databricks.com/administration-guide/users-groups/groups.html) or [Account Console](https://accounts.cloud.databricks.com/) (for AWS deployments).
90+
* [databricks_group](../data-sources/group.md) data to retrieve information about [databricks_group](group.md) members, entitlements and instance profiles.
91+
* [databricks_group_member](group_member.md) to attach [users](user.md) and [groups](group.md) as group members.
92+
* [databricks_permission_assignment](permission_assignment.md) to manage permission assignment from a workspace context
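Review bot: the Import section (added lines 79-83) says the resource is imported "using the workspace id and principal id" but never states that the two values are joined with `|` into a single ID, so the reader has to infer the format from the command. Suggest stating it explicitly, for example "using an ID of the form `workspace_id|principal_id`", noting that the quotes are required because `|` is a shell pipe, and closing the sentence with a period. Separately, the `principal_id` bullet on line 72 says "the SCIM API" while the `databricks_permission_assignment` page added in this commit says "the account-level SCIM API"; use one wording on both pages so it is clear which API returns the ID this resource expects.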
Lines changed: 60 additions & 0 deletions
@@ -0,0 +1,60 @@
1+
---
2+
subcategory: "Security"
3+
---
4+
# databricks_permission_assignment Resource
5+
6+
These resources are invoked in the workspace context.
7+
8+
## Example Usage
9+
10+
In workspace context, adding account-level user to a workspace:
11+
12+
```hcl
13+
resource "databricks_user" "me" {
14+
user_name = "[email protected]"
15+
}
16+
17+
resource "databricks_permission_assignment" "add_user" {
18+
principal_id = databricks_user.me.id
19+
permissions = ["USER"]
20+
}
21+
```
22+
23+
In workspace context, adding account-level service principal to a workspace:
24+
25+
```hcl
26+
resource "databricks_service_principal" "sp" {
27+
display_name = "Automation-only SP"
28+
}
29+
30+
resource "databricks_permission_assignment" "add_admin_spn" {
31+
principal_id = databricks_service_principal.sp.id
32+
permissions = ["ADMIN"]
33+
}
34+
```
35+
36+
## Argument Reference
37+
38+
The following arguments are required:
39+
40+
* `principal_id` - Databricks ID of the user, service principal, or group. The principal ID can be retrieved using the account-level SCIM API, or using [databricks_user](../data-sources/user.md), [databricks_service_principal](../data-sources/service_principal.md) or [databricks_group](../data-sources/group.md) data sources with account API (and has to be an account admin). A more sensible approach is to retrieve the list of `principal_id` as outputs from another Terraform stack.
41+
* `permissions` - The list of workspace permissions to assign to the principal:
42+
* `"USER"` - Can access the workspace with basic privileges.
43+
* `"ADMIN"` - Can access the workspace and has workspace admin privileges to manage users and groups, workspace configurations, and more.
44+
45+
## Import
46+
47+
The resource `databricks_permission_assignment` can be imported using the principal id
48+
49+
```bash
50+
terraform import databricks_permission_assignment.this principal_id
51+
```
52+
53+
## Related Resources
54+
55+
The following resources are used in the same context:
56+
57+
* [databricks_group](group.md) to manage [groups in Databricks Workspace](https://docs.databricks.com/administration-guide/users-groups/groups.html) or [Account Console](https://accounts.cloud.databricks.com/) (for AWS deployments).
58+
* [databricks_group](../data-sources/group.md) data to retrieve information about [databricks_group](group.md) members, entitlements and instance profiles.
59+
* [databricks_group_member](group_member.md) to attach [users](user.md) and [groups](group.md) as group members.
60+
* [databricks_mws_permission_assignment](mws_permission_assignment.md) to manage permission assignment from an account context
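Review bot: the `principal_id` bullet on line 40 and the examples on lines 13-20 and 26-33 disagree about where the ID comes from. The bullet says it is retrieved through the account-level SCIM API or through data sources used with the account API, and recommends passing it in as an output of another Terraform stack, while both examples take it from a `databricks_user` or `databricks_service_principal` resource declared in the same workspace-context configuration. Either show the recommended pattern in an example (a variable or remote-state output feeding `principal_id`) or explain why the resource's `.id` is valid here. The parenthetical "(and has to be an account admin)" has no subject; say who must be an account admin. The second example grants `"ADMIN"` to an automation service principal without comment; a sentence on when `"USER"` is sufficient would help readers avoid over-granting. The Import sentence on line 47 is also missing its closing period.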
